---
layout: docs
page_title: API Gateway for Kubernetes Technical Specifications
description: >-
  Consul API Gateway is a service mesh add-on for Kubernetes deployments. Learn about its requirements for system resources, ports, and component versions, its Enterprise limitations, and compatible k8s cloud environments.
---

# API Gateway for Kubernetes Technical Specifications

This topic describes the technical specifications associated with using Consul API Gateway.

## Requirements

Verify that your environment meets the following requirements prior to using Consul API Gateway.

### Datacenter Requirements

Your datacenter must meet the following requirements prior to configuring the Consul API Gateway:

- Kubernetes 1.21+
- `kubectl` 1.21+
- Consul 1.11.2+
- HashiCorp Consul Helm chart 0.47.1+
- Consul Service Mesh must be deployed on the Kubernetes cluster that API Gateway is deployed on.
- Envoy:  Envoy proxy support is determined by the Consul version deployed. Refer to [Envoy Integration](/consul/docs/connect/proxies/envoy) for details.

### TCP Port Requirements

The following table describes the TCP port requirements for each component of the API Gateway.

| Port | Description | Component |
| ---- | ----------- | --------- |
| 9090 | Secret discovery service (SDS) | Gateway controller pod <br/> Gateway instance pod |
| 20000 | Kubernetes readiness probe | Gateway instance pod |
| Configurable | Port for scraping Prometheus metrics. Disabled by default. | Gateway controller pod |

## Consul Server Deployments

- Consul Editions supported: OSS and Enterprise
- Supported Consul Server deployment types:
  - Self-Managed
  - HCP Consul

### Limited Support of some Consul Features

The following table lists API Gateway limitations related to specific Consul features

| Consul Feature | Limitation |
| -------------- | ---------- |
| [Admin partitions](/consul/docs/enterprise/admin-partitions) | You can deploy Consul API Gateway into the `default` admin partition only. You can route to services in other `default` admin partitions through peered connections. Refer to [Route Traffic to Peered Services](/consul/docs/api-gateway/usage/route-to-peered-services) for additional information. |
| Routing between datacenters | If you are connecting multiple Consul datacenters to create a federated network, you can route to services in other datacenters through peered connections. Refer to [Route Traffic to Peered Services](/consul/docs/api-gateway/usage/route-to-peered-services) for additional information. |

## Deployment Environments

Consul API Gateway can be deployed in the following Kubernetes-based environments:

- Generic Kubernetes
- AWS Elastic Kubernetes Service (EKS)
- Google Kubernetes Engine (GKE)
- Azure Kubernetes Service (AKS)

## Kubernetes Gateway API Specification - Supported Versions

See the Release Notes for the version of Consul API Gateway being used.

## Resource Allocations

The following resources are allocated for each component of the API Gateway.

### Gateway Controller Pod

- **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
- **Memory**: None. Either the the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.

### Gateway Instance Pod

- **CPU**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
- **Memory**: None. Either the namespace or cluster default is allocated, depending on the Kubernetes cluster configuration.
